Many companies use secure devices, like token devices, to regulate access to their restricted resources. A company issues token devices to its employees and/or customers. The token devices generate numbers that change over time (e.g., every 1 minute). The company's server also generates numbers that track the numbers generated by the token devices. The numbers generated by the company's server are synchronized in time with the numbers generated by the token devices.
When a user attempts to gain access to a restricted resource of the company, the user provides the number currently shown on his token device to the company's server and a personal identification number (PIN). The company's server regulates access to the restricted resource based on the user-provided number matching the number it generated, and the user's PIN.
Token devices are expensive. While each token device alone may not be that expensive, it becomes expensive when purchasing token devices for all of a company's employees and/or customers. Also, token devices need to be periodically replaced (e.g., every 3 years). Therefore, token devices become a continuing expense. Further, it becomes impossible for an employee/customer to access the company's restricted resource if the employee/customer loses or forgets his token device.